Amendments to the Claims

Deleted claim text is shown in [[double brackets]].

1. (Currently Amended) A method [[for preventing packet retransmissions during Internet Protocol security (IPsec) security association establishment]] comprising:
intercepting a Transmission Control Protocol (TCP) connection request by an application;
negotiating for a security association;
establishing the security association; and
allowing the TCP connection request to proceed after the security association is established.
[[monitoring application socket requests;
requesting a Transmission Control Protocol (TCP) connection by an application;
determining if there is an active security association that exists to protect network flow associated with the connection request;
preventing the connection request from proceeding if no active security association exists to protect the network flow;
determining if a security policy exists for the network flow if no active security association exists to protect the network flow;
alerting a security association negotiation component to initiate negotiation for a security association based on the security policy if the security policy exists for the network flow; and
allowing the connection request to proceed if one of the active security association exists and the security association is established from the negotiation.]]
2. (Currently Amended) The method of [[according to]] claim 1, wherein the security association [[negotiation component]] comprises an Internet Key Exchange (IKE) component.



3. (Currently Amended) The method of [[according to]] claim 1, wherein [[the active security association and]] the security association [[is]] are based on [[at least]] one or more of the following:
a source Internet Protocol (IP) address; [[address,]]
a destination IP address; [[address,]]
a protocol; [[protocol,]]
a source port; [[port,]] and
a destination port.



4. (Currently Amended) The method of [[according to]] claim 3, wherein the protocol comprises one or more of the following:
TCP; [[TCP,]]
User Datagram Protocol (UDP); [[(UDP),]]
Internet Control Message Protocol (ICMP); [[(ICMP),]] and
Internet Group Management Protocol (IGMP).
5. (Currently Amended) The method of [[according to]] claim 1, further comprising:
determining if an active security association exists to protect network flow associated with the TCP connection request;
determining if a security policy exists for the network flow if no active security association exists to protect the network flow;
alerting a security association negotiation component to initiate negotiation for an alternative security association based on the security policy.
[[determining if the network flow can be allowed without a security association if no security policy exists for the network flow.]]

6. (Currently Amended) The method of [[according to]] claim 1, further comprising retrieving the security association from a database.

7. (Currently Amended) The method of [[according to]] claim 6, wherein the database contains mappings between network flow information and the security [[association]] associations.

8. (Currently Amended) The method of [[according to]] claim 7, wherein the network flow information comprises [[at least]] one or more of the following:
a source Internet Protocol (IP) address; [[address,]]
a destination IP address; [[address,]]
a protocol; [[protocol,]]
a source port; [[port,]] and
a destination port.
9. (Currently Amended) The method of [[according to]] claim 1, further comprising retrieving the security policy from the [[a]] database.

10. (Currently Amended) A method [[for preventing packet retransmissions during Internet Protocol security (IPsec) security association establishment]] comprising:
monitoring application socket requests;
requesting transmission of User Datagram Protocol (UDP) data on a socket by an application;
intercepting the transmission of the UDP data on the socket by the application;
determining if the socket has been associated with an active security association;
determining if there is a defined security association that may be used to protect network flow if the socket has not been associated with an active security association;
determining what security policy should be used when negotiating a security association for the network flow if there is no defined security association that may be used to protect the network flow;
[[preventing the UDP data from being sent if there is no defined security association that may be used to protect the network flow;]]
alerting a security association negotiation component to initiate negotiation for the security association if there is no defined security association that may be used to protect the network flow;
establishing the security association; and
allowing the UDP data to be sent in response to establishment of the security association.



11. (Currently Amended) The method of [[according to]] claim 10, wherein the security association negotiation component comprises an Internet Key Exchange (IKE) component.

12. (Currently Amended) The method of [[according to]] claim 10, comprising negotiating for the [[a]] security association using security parameters specified by the security [[a]] policy.

13. (Currently Amended) The method of [[according to]] claim 10, wherein the second determining comprises comparing filters with [[at least]] one or more of the following:
a source Internet Protocol (IP) address; [[address,]]
a destination IP address; [[address,]]
a protocol; [[protocol,]]
a source port; [[port,]] and
a destination port, wherein the destination port includes [[the at least]] one or more of the following
a source Internet Protocol (IP) address,
a destination IP address,
a protocol,
a source port, and
a destination port related to the network flow[[, the filters related to defined security associations]].

14. (Currently Amended) The method of [[according to]] claim 13, wherein each filter comprises [[comprising at least]] one or more of the following:
a source Internet Protocol (IP) address; [[address,]]
a destination IP address; [[address,]]
a protocol; [[protocol,]]
a source port; [[port,]] and
a destination port.

15. (Currently Amended) The method of [[according to]] claim 13, wherein the security policy comprises at least one filter.

16. (Currently Amended) The method of [[according to]] claim 10, further comprising determining if the network flow can be allowed without the [[a]] security association if no security policy exists for the network flow.
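The gating logic that claims 1, 5 through 9 and 13 through 16 describe, as an added Python model that is not part of the application: the interceptor holds an application's request, looks the five-tuple up in a security association table, falls back to the policy table, triggers negotiation, and releases the request only once a security association is installed. The table contents, the `fake_ike` negotiator and the addresses are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int

def matches(filt: dict, flow: Flow) -> bool:
    # A filter names any subset of the five-tuple; an omitted field is a wildcard.
    return all(getattr(flow, k) == v for k, v in filt.items())

class Interceptor:
    def __init__(self, sa_db, sp_db, negotiate, allow_clear=False):
        self.sa_db = sa_db            # list of (filter, sa_name): active SAs (claims 6-8)
        self.sp_db = sp_db            # list of (filter, params): policies (claims 13-15)
        self.negotiate = negotiate    # stands in for the IKE component (claims 2, 11)
        self.allow_clear = allow_clear  # claim 16: may a flow with no policy go in clear?
        self.negotiations = 0

    def lookup(self, table, flow):
        return next((v for f, v in table if matches(f, flow)), None)

    def request(self, flow: Flow) -> str:
        sa = self.lookup(self.sa_db, flow)
        if sa:
            return f"allow:{sa}"          # an active SA already protects this flow
        params = self.lookup(self.sp_db, flow)
        if params is None:
            return "allow-clear" if self.allow_clear else "block"
        self.negotiations += 1
        sa = self.negotiate(flow, params)  # request stays held while IKE runs
        if sa is None:
            return "block"                # negotiation failed: keep holding the request
        self.sa_db.append(({"src_ip": flow.src_ip, "dst_ip": flow.dst_ip,
                            "proto": flow.proto, "dst_port": flow.dst_port}, sa))
        return f"allow:{sa}"

# Constructed stand-in for the negotiation component (hypothetical, not real IKE).
def fake_ike(flow, params):
    return None if params.get("peer_down") else f"sa-{params['cipher']}-{flow.dst_ip}"

def demo():
    sp_db = [({"dst_ip": "10.0.0.9", "proto": "TCP", "dst_port": 443}, {"cipher": "aes"}),
             ({"dst_ip": "10.0.0.7"}, {"cipher": "aes", "peer_down": True})]
    ic = Interceptor([], sp_db, fake_ike)
    r1 = ic.request(Flow("10.0.0.5", "10.0.0.9", "TCP", 40000, 443))  # negotiate, then allow
    r2 = ic.request(Flow("10.0.0.5", "10.0.0.9", "TCP", 40001, 443))  # SA reused, no new IKE
    r3 = ic.request(Flow("10.0.0.5", "10.0.0.7", "UDP", 5000, 53))    # peer down: held
    r4 = ic.request(Flow("10.0.0.5", "10.0.0.8", "TCP", 5001, 80))    # no policy: blocked
    return (r1, r2, r3, r4), ic.negotiations
```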

17. (Currently Amended) A system [[computing device for preventing packet retransmissions during Internet Protocol security (IPsec) security association establishment with a network unit, the device and network unit operably connected to a network, the computing device]] comprising:
a network;
a network interceptor coupled with the network, the network interceptor to intercept a Transmission Control Protocol (TCP) connection request by an application; [[monitoring an application's socket requests;]]
[[a security association database operably connected to the network interceptor, the security association database containing a mapping of network flow information to security association information;]]
[[a security policy database operably connected to the network interceptor, the security policy database containing policies that describe parameters that are to be used in a negotiation of a security association;]]
a security association negotiation component coupled with the network interceptor, the security association negotiation component [[operably connected to the network interceptor, the security association negotiation component capable of negotiating]] to negotiate a security association [[with a network unit]] and to establish the security association; and
the network interceptor to allow the TCP connection request to proceed after the security association is established.
[[an Internet Protocol security (IPsec) packet classifier, the IPsec packet classifier responsible for performing IPsec processing on incoming and outgoing packets, wherein the network interceptor insures that a security association is in place before allowing network traffic to flow between the application and the network unit.]]
18. (Currently Amended) The system of [[device according to]] claim 17, wherein the network flow information comprises [[at least]] one or more of the following:
Internet Protocol (IP) addresses; [[addresses,]]
a protocol; [[protocol,]] and
ports.

19. (Currently Amended) The system of [[device according to]] claim 17, further comprising an Internet Protocol security (IPsec) packet classifier to be responsible for performing IPsec processing on incoming and outgoing packets, wherein the network interceptor insures that a security association is in place before allowing network traffic to flow between the application and the network unit [[wherein the security association negotiation component comprises Internet Key Exchange (IKE)]].

20. (Currently Amended) A machine-readable medium having stored thereon data representing sets of instructions which, when executed by a machine, cause the machine to: [[An article comprising a storage medium having instructions stored therein, when]]
intercept a Transmission Control Protocol (TCP) connection request by an application;
negotiate for a security association;
establish the security association; and
allow the TCP connection request to proceed after the security association is established.
[[executed causes a computing device to perform;
monitoring application socket requests;
requesting a Transmission Control Protocol (TCP) connection by an application;
determining if there is an active security association that exists to protect network flow associated with the connection request;
preventing the connection request from proceeding if no active security association exists to protect the network flow;
determining if a security policy exists for the network flow if no active security association exists to protect the network flow;
alerting a security association negotiation component to initiate negotiation for a security association based on the security policy if the security policy exists for the network flow; and
allowing the connection request to proceed if one of the active security association exists and the security association is established from the negotiation.]]

21. (Currently Amended) The machine-readable medium of [[The article according to]] claim 20, wherein the security association negotiation component comprises an Internet Key Exchange (IKE) component.

22. (Currently Amended) The machine-readable medium of [[The article according to]] claim 20, further cause the machine to: [[comprising negotiating for a security association using security parameters specified by a policy.]]
determine if an active security association exists to protect the network flow associated with the TCP connection request;
determine if a security policy exists for the network flow if no active security association exists to protect the network flow;
alert a security association negotiation component to initiate negotiation for an alternate security association based on the security policy if the security policy exists for the network flow.



23. (Currently Amended) The machine-readable medium of [[The article according to]] claim 20, wherein the active security association comprises [[at least]] one or more of the following:
a source Internet Protocol (IP); [[(IP),]]
a destination IP; [[IP,]]
a protocol; [[protocol,]]
a source port; [[port,]] and
a destination port.



24. (Currently Amended) A machine-readable medium having stored thereon data representing sets of instructions which, when executed by a machine, cause the machine to: [[An article comprising a storage medium having instructions stored therein, the instructions when executed causes a computing device to perform:]]
monitor [[monitoring]] application socket requests;
request [[requesting]] transmission of User Datagram Protocol (UDP) data on a socket by the application;
intercept the transmission of the UDP data on the socket by the application;
determine [[determining]] if the socket has been associated with an active security association;
determine [[determining]] if there is a defined security association that may be used to protect network flow if the socket has not been associated with an active security association;
determine [[determining]] what security policy should be used when negotiating a security association for the network flow if there is no defined security association that may be used to protect the network flow;
[[preventing the UDP data from being sent if there is no defined security association that may be used to protect the network flow;]]
alert [[alerting]] a security association negotiation component to initiate negotiation for the security association if there is no defined security association that may be used to protect the network flow;
establish [[establishing]] the security association; and
allow [[allowing]] the UDP data to be sent in response to establishment of the security association.

25. (Currently Amended) The machine-readable medium of [[The article according to]] claim 24, wherein the security association negotiation component comprises an Internet Key Exchange (IKE) component.
26. (Currently Amended) The machine-readable medium of [[The article according to]] claim 24, further cause the machine to negotiate [[comprising negotiating]] for the [[a]] security association using security parameters specified by a policy.



27. (Currently Amended) The machine-readable medium of [[The article according to]] claim 24, wherein the active security association comprises at least one or more of the following:
a source Internet Protocol (IP); [[(IP),]]
a destination IP; [[IP,]]
a protocol; [[protocol,]]
a source port; [[port,]] and
a destination port.



28-29. (Cancelled)